UtterIDE Privacy Policy

Last updated: 2026-07-05

This Privacy Policy explains how UtterIDE handles data.

UtterIDE is currently a beta product. This policy may be updated as the product evolves, especially if paid plans, telemetry, cloud services, or additional integrations are introduced.

This document is not legal advice. Organizations using UtterIDE with personal data, confidential data, customer data, production systems, or regulated environments should review their own legal, security, and compliance requirements.


1. Summary

UtterIDE is designed as a local-first Visual Studio Code extension.

UtterIDE does not require an UtterIDE account.

UtterIDE does not operate a central backend server for storing your code, prompts, project files, database credentials, chat history, memory files, run logs, or API keys.

Most UtterIDE data is stored locally on your machine or inside your project workspace.

However, when you choose to use a cloud LLM provider such as DeepSeek, Anthropic, OpenAI, Google, OpenRouter, Ollama Cloud, or another supported provider, selected prompts, code context, file contents, database query results, logs, or other workspace information may be sent directly from your machine to that provider.

UtterIDE uses a Bring Your Own Key model. You are responsible for the API keys and providers you choose to use.


2. What UtterIDE Does Not Collect Centrally

UtterIDE currently does not collect, transmit, or store the following on an UtterIDE-owned backend server:

UtterIDE currently has no central user account system and no central cloud storage for user projects.


3. Local Storage

UtterIDE may store data locally on your machine or inside your workspace.

Examples may include:

These files may contain sensitive project information.

You are responsible for protecting these files.

You should decide whether to:

Recommended default:

.utteride/runs/
.utteride/*.local.json
.utteride/secrets*

Depending on your project, you may also want to exclude all .utteride/ files from Git.


4. API Keys

UtterIDE uses a Bring Your Own Key model.

You may connect your own API keys for providers such as:

UtterIDE is designed to store API keys using Visual Studio Code’s secure secret storage where supported.

API keys should not be stored in plain text files.

UtterIDE should not intentionally store API keys in:

You are responsible for:


5. Third-Party LLM Providers

UtterIDE may send selected data directly from your machine to your chosen LLM provider.

Examples of data that may be sent include:

UtterIDE does not control how third-party providers process, store, secure, retain, or use data sent to them.

Your use of each provider is governed by that provider’s own terms, privacy policy, data processing terms, retention policy, and security practices.

UtterIDE is not affiliated with DeepSeek, Anthropic, OpenAI, Google, Microsoft, OpenRouter, Ollama, or other providers unless explicitly stated.

Before using a provider, you should review that provider’s terms and privacy policy.


6. Cloud vs Local Runtime

UtterIDE may support both cloud and local runtimes.

Cloud runtime

When using a cloud provider, selected context is sent to that provider.

Examples:

Local runtime

When using a local runtime, model execution may happen on your machine.

Examples:

Local runtime can reduce cloud data transfer, but local runtime does not automatically mean that all risk is removed. Local logs, local files, plugins, extensions, malware, backups, Git repositories, or system-level tools may still expose data if misconfigured.

UtterIDE should clearly display whether the active provider is local or cloud where possible.


7. Sensitive Data and PII Masking

UtterIDE may include local masking features designed to reduce the risk of sending sensitive information to cloud LLM providers.

For example, database query results may be intercepted before being sent to an LLM provider and masked according to rules in:

.utteride/pii_rules.json

Potentially sensitive fields may include:

Masking may replace values with placeholders such as:

***MASKED***

Important limitation

PII masking is a safety feature, not a guarantee.

UtterIDE may fail to detect sensitive data.

Rules may be incomplete.

Column names may be misleading.

Sensitive data may appear in unexpected fields, logs, comments, stack traces, filenames, database rows, JSON blobs, free text, or generated content.

You are responsible for reviewing what data may be sent to third-party providers and for ensuring that your use complies with applicable law, contracts, policies, and confidentiality obligations.


8. Databases

UtterIDE may support connecting to databases such as PostgreSQL or PostGIS.

Database credentials should be stored locally using secure storage where supported.

UtterIDE may be able to:

Database actions can expose or modify sensitive data.

You are responsible for:

Recommended practice:


9. Terminal and System Access

UtterIDE may support executing terminal commands.

Commands run with the permissions of the user account and VS Code session where UtterIDE is running.

UtterIDE does not have more operating system permissions than the user/session grants it, but those permissions may still be powerful enough to modify or delete files, install packages, change Git repositories, or affect local systems.

Terminal output may contain sensitive data.

If terminal output is sent to a cloud LLM provider, it may be processed by that provider.

You are responsible for reviewing terminal commands and outputs before allowing them to be used or transmitted.


10. Git and Source Control

UtterIDE may support Git actions such as:

Git actions can expose or publish code and sensitive information.

You are responsible for reviewing:

Before committing or pushing, ensure that secrets, database credentials, personal data, tokens, logs, and local .utteride/ files are not accidentally included.


11. Run Ledger and Logs

UtterIDE may create local run logs or run ledger files.

These may record:

Run ledger files are intended to help users understand what happened during an agent run.

Run ledger files may contain sensitive information.

You are responsible for protecting, deleting, excluding, or sharing these files appropriately.


12. Cost and Billing Data

UtterIDE may show estimated or exact usage costs for third-party LLM providers.

Cost information may include:

UtterIDE does not control third-party provider billing.

You are responsible for monitoring your own provider accounts, balances, invoices, usage limits, and API costs.

UtterIDE cost estimates may be inaccurate.


13. Telemetry

The current intended model is no central UtterIDE backend and no required user account.

If telemetry, analytics, crash reporting, usage metrics, licensing checks, cloud sync, or paid account features are introduced in the future, this Privacy Policy should be updated before those features are enabled.

If telemetry is added, it should be:


14. Future Paid Plans

UtterIDE may be free during beta.

Future versions may introduce:

Third-party LLM costs are separate from any UtterIDE subscription unless explicitly stated.

Users remain responsible for any charges from their chosen providers.


15. Children

UtterIDE is intended for developers and technical users.

It is not intended for children.

Do not use UtterIDE to process children’s personal data unless you are authorized to do so and have reviewed applicable legal requirements.


16. Security

UtterIDE is designed to reduce certain risks through local storage, secure secret storage, review-first workflows, PII masking, and local run logs.

However, no software can guarantee complete security.

Risks may include:

You should use standard security practices, including:


17. User Responsibilities

By using UtterIDE, you are responsible for:


18. Contact

If an official support email, website, company name, or contact method is later created for UtterIDE, it should be added here.

Until then, this Privacy Policy is a beta draft and should be reviewed before public release.


19. Changes to This Policy

This policy may be updated over time.

Changes may be required as UtterIDE evolves, especially if the product adds:

Users should review the latest version before using UtterIDE with sensitive, confidential, regulated, or production data.